About The Position

The Internal IT Auditor is responsible for assessing information technology controls, cybersecurity processes, data governance practices, and system‑related operational workflows across Kodiak’s healthcare clients. This role requires an analytical and critically minded professional who can exercise sound judgment, communicate clearly, and independently troubleshoot complex issues while maintaining strong collaborative relationships with senior leaders, including CIOs, CISOs, IT Directors, and other executive stakeholders. The position may also lead and coordinate the work of internal auditors by providing direction, coaching, and quality oversight to ensure consistent, high‑quality audit execution and support the professional growth of less‑experienced team members.

Kodiak’s customers include health systems, hospitals, and physician practices. Engagements may involve evaluating IT general controls (ITGCs), system access and provisioning, change management, data integrity, cybersecurity and privacy risks, IT asset management, incident response readiness, and other technology‑focused audit or advisory projects.

The Internal IT Auditor will also help apply a Risk Intelligence–based approach to identify key risk indicators and areas suitable for continuous monitoring, strengthening long‑term control effectiveness and operational visibility. The role further supports enterprise‑level risk assessments and contributes to internal audit plans aligned with organizational strategy, regulatory requirements, and evolving healthcare technology risks.

Requirements

  • Bachelor’s degree in Information Systems, Computer Science, Accounting, or a related field
  • Minimum of 4 years of IT auditing experience, preferably within healthcare
  • Minimum of 3–4 years of audit or consulting experience (healthcare preferred)
  • Understanding of IT risk management, cybersecurity, and internal control frameworks
  • Ability to travel a minimum of 20%

Nice To Haves

  • Strong understanding of IT general controls, cybersecurity frameworks, and information security best practices
  • Familiarity with healthcare IT environments, including EHR systems, ERP platforms, data interfaces, and cloud‑based applications
  • Experience developing techniques to evaluate healthcare‑specific technology risks, including those related to clinical operations, system interoperability, and third‑party/vendor dependencies
  • Ability to manage multiple projects and achieve timely completion
  • Comfort working in a remote team environment and fostering strong customer relationships
  • Experience leading walkthroughs and discussions with IT, clinical informatics, cybersecurity, revenue cycle, and compliance stakeholders
  • Experience leading and coordinating the work of internal auditors, providing guidance, coaching, and oversight to ensure high‑quality audit execution and professional development
  • Ability to clearly communicate audit expectations, required evidence, and preliminary observations to system owners and clinical/operational leaders
  • Ability to prepare concise, executive‑level reports that synthesize IT and operational risks, control gaps, and recommended actions with clear linkage to clinical, operational, and financial impact
  • Proficiency with Microsoft Office applications
  • Experience with cybersecurity regulations or frameworks (e.g., NIST, HITRUST, HIPAA Security Rule)
  • Experience with data analysis tools or audit software is a plus
  • Certifications such as CISA, CISSP, CHC, or similar are a plus but not required